[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Frontends to administer servers

Dan Ros wrote:
-----Original Message----- From: Adrian 'Dagurashibanipal' von
(personal note: I'd not use mysql, but postgresql instead. YMMV.)

Generally: use whatever technology you know already. This means I
have a heavy anti-LDAP bias, but I know SQL quite well. For others,
this may mean that they'll use LDAP since they know how to set it
up and run it.

I think for what you want, both technologies can be used without
big problems, so it really comes down on how much time do you spend
 learning the tools. (As for authentication: yes, there are many
LDAP backends for server applications. But there are many sql
backends for server applications, too.)

I am also trying to decide between ldap and [my]sql for a centralised
 authentication and management system.

Seems to be that on the plus side for ldap, it has fairly mature
application interfaces and pre-existing data structures for things
like bind zonefiles. On the minus side i don't know anything about it
and it may be inflexible.

on the plus side you can also add the simplicity of database
replication and that you can use your ldap user directory also for your
mail clients (addressbook).

Mysql has the obvious advantage that coding up a php interface to it
all is very easy and I can write scripts to grab data out of the
database and create local config files from that.

there's no difference to LDAP. the php-ldap interface is pretty good and
well documented, the perl interface is also good, and it's no problem
to generate all things you like out of ldap.

On the minus side thats prone to flakiness and inconsistencies and
the pam_mysql module is woefully devoid of nss support and some other
nice features.

I'm wavering towards the path of putting a bit of time in to learn
LDAP and going for a proper solution (instead of bunch-of-scripts
mysql solution) which should be more extensible and scalable in the
long term. Personally though I don't see why LDAP is any better than
a properly constructed database, other than the application
interfaces that already exist.

i guess there must be some reason why eDirectory, ADS and Domino use
LDAP ;-)
I personally like the replication process and ldap _is_ optimized for
search access. LDAP authentication and other things (mail aliases, ...)
are pretty easy to implement in almost any software...

best regards
          \\\ ||| ///                               _\=/_
           (  @ @  )                                (o o)
| Markus Schabel      TGM - Die Schule der Technik   www.tgm.ac.at |
| IT-Service          A-1200 Wien, Wexstrasse 19-23  net.tgm.ac.at |
| markus.schabel@tgm.ac.at                   Tel.: +43(1)33126/316 |
| markus.schabel@members.fsf.org             Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org)   |
|        oOOo        Yet Another Spam Trap:     oOOo               |
|       (    )    oOOo    yast@tgm.ac.at       (   )     oOOo      |
+--------\  (----(   )--------------------------\ ( -----(   )-----+
          \_)     ) /                            \_)      ) /
                 (_/                                     (_/

Computers are like airconditioners:
  They stop working properly if you open windows.

Reply to: